f740b1a97f
backend-ci / lint (push) Failing after 24s
backend-ci / typecheck (push) Failing after 21s
backend-ci / test (push) Failing after 23s
backend-ci / build (push) Has been skipped
backend-ci / image-scan (push) Has been skipped
backend-ci / secrets-scan (push) Failing after 8s
backend-ci / sast (push) Successful in 12s
backend-ci / push (push) Has been cancelled
backend-ci / fs-scan (push) Has been cancelled
Pipeline (backend/.gitea/workflows/ci.yml):
- lint, typecheck, test (postgres+redis service containers, prisma migrate deploy, jest), gitleaks, semgrep, Trivy fs+image scans, buildx build with gha cache, Harbor push gated on `main` or v* tags
- Image tags via docker/metadata-action: :latest (main only), :sha-<full>, semver-derived :1.2.3 / :1.2 / :1 from v* tags
- Secrets: HARBOR_HOST, MOVIELOOP_USERNAME, MOVIELOOP_PASSWORD, PRISMA_TEST_KEY

Production image hardening (docker/Dockerfile, docker/entrypoint.sh):
- New entrypoint runs `npx prisma migrate deploy` then `exec node dist/src/main` so migrations apply on container start (single-replica deploys only)
- Switched CMD -> ENTRYPOINT, added USER node + chown for non-root runtime

Versioning (package.json, .versionrc.json):
- Bumped to 1.0.0 baseline
- Added commit-and-tag-version devDep + release/release:minor/major/dry scripts. Conventional Commits drive bumps; CHANGELOG hides chore/ci/etc.

Scan configs:
- .gitleaks.toml allows .env.example
- .semgrepignore excludes node_modules/, dist/, generated/prisma/, coverage/, test/, prisma/migrations/
- .trivyignore placeholder with format docs

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7 lines
73 B
Plaintext
node_modules/
dist/
generated/prisma/
coverage/
test/
prisma/migrations/